author | Daniel Lowrey <rdlowrey@php.net> | 2014-01-28 10:27:00 -0700 |
---|---|---|
committer | Daniel Lowrey <rdlowrey@php.net> | 2014-01-28 10:27:00 -0700 |
commit | 7a90254231eb419d2d7acfc5a3ce8c7f0e9ba181 (patch) | |
tree | ea7c54139e174e2bab0d3d8c492efb27f2704629 | |
parent | b4b4d9697fa43a526466165a3ca89d058296cb04 (diff) | |
download | php-git-7a90254231eb419d2d7acfc5a3ce8c7f0e9ba181.tar.gz |
Update NEWS/UPGRADING
-rw-r--r-- | NEWS | 2 | ||||
-rwxr-xr-x | UPGRADING | 11 |
2 files changed, 13 insertions, 0 deletions
@@ -69,6 +69,8 @@ PHP NEWS . Peer name verification matches SAN DNS names for certs using the Subject Alternative Name x509 extension. (Daniel Lowrey) . Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey) + . Peer certificates now verified by default in client socket operations + (RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey) - PDO_pgsql: . Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo) @@ -28,6 +28,17 @@ PHP X.Y UPGRADE NOTES containing non-lowercase values inside JSON arrays or objects has never been accepted. +- openssl: + To prevent Man-in-the-Middle attacks against encrypted transfers client + streams now verify peer certificates by default. Previous versions + required users to manually enable peer verification. As a result of this + change, existing code using ssl:// or tls:// stream wrappers (e.g. + file_get_contents(), fsockopen(), stream_socket_client()) may no longer + connect successfully without manually disabling peer verification via the + stream context's "verify_peer" setting. Encrypted transfers delegate to + operating system certificate stores by default, so many/most users *should* + be unaffected by this transparent security enhancement. + ======================================== 2. New Features ======================================== |
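Review bot: The added NEWS entry says "client socket operations", while the UPGRADING text in the same commit says "client streams" and names the ssl:// and tls:// wrappers; use one term in both places so readers can match the two entries. The entry also gives no hint that this default change can break existing connections, so a short pointer such as "(see UPGRADING)" next to the RFC link would help.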
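Review bot: In the new openssl entry in UPGRADING, the only remedy offered for failed connections is "manually disabling peer verification via the stream context's "verify_peer" setting", which steers readers back to the unverified behaviour this change exists to remove. Suggest naming the safer fix first (supplying a CA bundle through the "cafile" or "capath" context options) and presenting the verify_peer opt-out as a last resort. The entry should also say what happens when no operating system certificate store is found, replace "many/most users *should* be unaffected" with a concrete statement, and link the RFC as the NEWS entry does. Minor: a comma is needed after "encrypted transfers".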